ESXi-Targeting Ransomware: The Threats That Are After Your Virtual Machines (Part 1)

Introduction

In recent months, we have observed in our telemetry an increase in ransomware that targets ESXi servers. Since virtualization is the foundation of any large-scale deployment of computing and storage resources, it is not surprising that ransomware actors have now expanded their targets to include virtualization servers: with a single attack it is possible … (continued)

More info: https://blogs.vmware.com/security/2022/09/esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1.html?utm_source=rss&utm_medium=rss&utm_campaign=esxi-targeting-ransomware-the-threats-that-are-after-your-virtual-machines-part-1

Drupal core – Critical – Multiple vulnerabilities – SA-CORE-2022-016

Project: Drupal core
Date: 2022-September-28
Security risk: Critical 18∕25 AC:Basic/A:Admin/CI:All/II:All/E:Proof/TD:All
Vulnerability: Multiple vulnerabilities
Affected versions: >= 8.0.0 = 9.4.0
CVE IDs: CVE-2022-39261

Description: Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity. Drupal core's code extending Twig has also been updated to mitigate a …

More info: https://www.drupal.org/sa-core-2022-016

Threat Research: New Method of Volume Shadow Backup Deletion Seen in Recent Ransomware

VMware Threat Analysis Unit (TAU) researchers have recently observed a new technique for the deletion of volume shadow copies seen in newer malware. In a recent ransomware sample it was discovered that the technique, which could still be in development, uses Windows COM (Component Object Model) libraries like a legitimate backup solution to delete all … (continued)

More info: https://blogs.vmware.com/security/2022/09/threat-research-new-method-of-volume-shadow-backup-deletion-seen-in-recent-ransomware.html?utm_source=rss&utm_medium=rss&utm_campaign=threat-research-new-method-of-volume-shadow-backup-deletion-seen-in-recent-ransomware

MSA-22-0027: Quiz sequential navigation bypass using web services

by Michael Hawkins.

Insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.

Severity/Risk: Minor
Versions affected: 4.0 to 4.0.2, 3.11 to 3.11.8, 3.9 to 3.9.15 and earlier unsupported versions
Versions fixed: 4.0.3, 3.11.9 and 3.9.16
Reported by: omaralbalouli
CVE identifier: CVE-2022-40208
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75210
Tracker issue: MDL-75210 Quiz …

More info: https://moodle.org/mod/forum/discuss.php?d=438761&parent=1766080

K28942395: OpenSSH vulnerability CVE-2018-15473

Security Advisory Description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid ...

More info: https://support.f5.com/csp/article/K28942395?utm_source=f5support&utm_medium=RSS

Threat Report: Illuminating Volume Shadow Deletion

Executive Summary

Ransomware is one of the greatest threats to all industries. Threat actors have the ability to severely hinder, or destroy, the operations of organizations that range from small non-profits to global corporations. While there are many research studies on ransomware, this paper will describe specifically its method of destroying a form of Windows … (continued)

The post Threat Report: Illuminating Volume Shadow Deletion appeared first on VMware Security Blog.

More info: https://blogs.vmware.com/security/2022/09/threat-report-illuminating-volume-shadow-deletion.html?utm_source=rss&utm_medium=rss&utm_campaign=threat-report-illuminating-volume-shadow-deletion

The Evolution of the Chromeloader Malware

Executive Summary

ChromeLoader proves to be an extremely prevalent and persistent malware. It initially drops as an .iso and can be used to leak users’ browser credentials, harvest recent online activity and hijack the browser searches to display ads. The VMware Carbon Black Managed Detection and Response (MDR) team observed the first Windows variants of … (continued)

The post The Evolution of the Chromeloader Malware appeared first on VMware Security Blog.

More info: https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html?utm_source=rss&utm_medium=rss&utm_campaign=the-evolution-of-the-chromeloader-malware

MSA-22-0023: Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers

by Michael Hawkins.

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

Severity/Risk: Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Adam Roberts, NCC Group
CVE identifier: CVE-2022-40313
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066
Tracker …

More info: https://moodle.org/mod/forum/discuss.php?d=438392&parent=1764793

MSA-22-0024: Remote code execution risk when restoring malformed backup file from Moodle 1.9

by Michael Hawkins.

A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.

Severity/Risk: Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Paul Holden
CVE identifier: CVE-2022-40314
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75405
Tracker issue: MDL-75405 Remote code execution risk when …

More info: https://moodle.org/mod/forum/discuss.php?d=438393&parent=1764794